Date: Mon, 21 Apr 2008 14:34:10 +0100
From: RW
To: freebsd-hackers@freebsd.org
Message-ID: <20080421143410.240f954b@gumby.homeunix.com.>
References: <20080419175655.51a37bb2@gumby.homeunix.com.> <20080420183135.78b8c710@gumby.homeunix.com.>
Subject: Re: Yarrow's Counter
List-Id: Technical Discussions relating to FreeBSD

On Mon, 21 Apr 2008 14:48:30 +0400 Eygene Ryabinkin wrote:

> Good day.
>
> Sun, Apr 20, 2008 at 06:31:35PM +0100, RW wrote:
> > > this modification seems not to help anything,
> >
> > It possibly doesn't help with an attack against Yarrow itself, but
> > it means that 512 bits of entropy, rather than 256 bits, can be
> > read-out from /dev/random.
>
> The only source of entropy is the entropy pool. The key and the
> counter are both derived from this pool, so if you will concatenate
> two 256 bit values you will not gain more entropy.
> ...
>
> Am I missing something?

If you encrypt the previous value of the counter, instead of zero, the
counter will then depend on all the previous keys, and not just the
current one. With the default settings any two keys more than one
reseed apart are completely independent.
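The difference RW describes, shown in a small model that is an added example and not code from the thread or from FreeBSD's yarrow.c: two generators with different histories are reseeded once more from the same pool input, and their counters are reset either as E_K(0) (the default the thread discusses) or as E_K(previous counter) (the proposed change). Assumptions, labelled in the code: HMAC-SHA256 stands in for the block cipher E_K, the new key is derived from the pool input alone so that only the counter rule can carry history, and the generator gate and entropy accounting are omitted.

```python
import hashlib
import hmac

BLOCK = 32  # bytes; one HMAC-SHA256 output stands in for one cipher block


def enc(key: bytes, block: bytes) -> bytes:
    """Keyed PRF used as a stand-in for the block cipher E_K (assumption)."""
    return hmac.new(key, block, hashlib.sha256).digest()


def incr(block: bytes) -> bytes:
    """Treat the block as a big-endian integer and add one (mod 2^256)."""
    n = (int.from_bytes(block, "big") + 1) % (1 << (8 * BLOCK))
    return n.to_bytes(BLOCK, "big")


class ToyYarrow:
    """Simplified Yarrow-style generator: output block i is E_K(counter + i)."""

    def __init__(self, chain_counter: bool) -> None:
        self.chain_counter = chain_counter
        self.key = bytes(BLOCK)
        self.counter = bytes(BLOCK)

    def reseed(self, pool_input: bytes) -> None:
        # Assumption: the new key depends on the pool input only, so any
        # history dependence seen below comes from the counter rule alone.
        self.key = hashlib.sha256(b"key|" + pool_input).digest()
        if self.chain_counter:
            self.counter = enc(self.key, self.counter)   # proposed: E_K(old counter)
        else:
            self.counter = enc(self.key, bytes(BLOCK))   # default: E_K(0)

    def read(self, nblocks: int) -> bytes:
        out = b""
        for _ in range(nblocks):
            out += enc(self.key, self.counter)
            self.counter = incr(self.counter)
        return out


def outputs_after_shared_reseed(chain_counter: bool) -> tuple[bytes, bytes]:
    """Two generators with different pasts, then the same final pool input (constructed)."""
    a, b = ToyYarrow(chain_counter), ToyYarrow(chain_counter)
    a.reseed(b"pool-input-A (constructed)")
    b.reseed(b"pool-input-B (constructed)")
    a.reseed(b"shared-pool-input (constructed)")
    b.reseed(b"shared-pool-input (constructed)")
    return a.read(2), b.read(2)
```

With the default rule the two generators produce identical output after the shared reseed, because key and counter are both functions of the last pool input only; with the chained rule their outputs differ, since each counter still carries its own earlier reseed.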